Squid - Custom config



  • Hello All,

    I am a novice with this, so looking for some advice.

    I am about to setup a new network, featuring pfSense acting as Firewall/proxy.

    I want users to be forced to a webpage when they open IE (I could set this via group policy but this would mean 3rd parties would not be directed to it).
    Here I will have a landing page that will have links to internal web based systems.

    It will also feature a number of "safe" links such as our own home page, Phone Directories, local traffic news sites.

    How can I allow access to certain websites without having to authenticate - I found this - http://wiki.squid-cache.org/ConfigExamples/Authenticate/Bypass

    But it seems this might only apply to squid directly…

    How can I force all users to one page when the open IE?
    I know Captive portal would suffice, but I dont want users to have to authenticate on this, it would just feature a button that said "online" which would then obviously prompt them for squid proxy info as they were trying to access a page not on the "safe list".

    Can this forced re-direct be done with squid?

    Thanks

    Andy



  • It sounds like transparent Squid alone ( no captive portal ) might be your best option.  You can setup a home page that each user will see that has a list of 'allowed' links.  You can set these links to bypass the squid redirect and therefore be allowed -OR- set your squid blacklist to '.' (all) and include these allowed sites in your whitelist.  Then, include the list of authorized people who will not be subject to the blocks in the Unrestricted IPs list.

    The package forum should have much more useful information for you.



  • Can someone advice the best way of acheving what I am after?

    I am a little unclear on how best to do it… I understand the reason for transparent proxy but does this mean that I cant have some computers (servers) not going through it?

    Thanks

    Andy


Log in to reply